Probabilistic Full Disclosure Attack on IoT Network Authentication Protocol

  • Madiha Khalid
  • Umar Mujahid
  • Muhammad Najam-ul-Islam
  • Binh Tran
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 70)


The Internet of Things (IoT) is one of the most promising technologies of 5G. The IoT is basically a system of interconnected computing devices that are provided with a unique identification number and the capability of transmitting information without human intervention. Since the computing devices (sensors) in the IoT communicate with each other over a wireless channel that is accessible to all types of adversaries, mutual authentication protocols play an important role in secure communication between the computing nodes. Recently, Tewari and Gupta proposed an extremely lightweight authentication protocol to ensure the security and privacy of IoT networks in a cost-effective manner. The proposed protocol uses only two bitwise logical operators, Rotation and XOR, and is claimed to be one of the most secure Ultralightweight Mutual Authentication Protocols (UMAPs). In this paper, we highlight a probabilistic full disclosure attack on the said protocol and challenge its security claims. The proposed attack model is passive, and its success probability is close to unity.


Keywords: Internet of things, Mutual authentication, Full disclosure attack


References

  1. Atzori, L., et al.: The social internet of things (SIoT)–when social networks meet the internet of things: concept, architecture and network characterization. Comput. Netw. 56(16), 3594–3608 (2012)
  2. Lin, J., et al.: A survey on internet of things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet Things J. 4(5), 1125–1142 (2017)
  3. Mahmoud, R., et al.: Internet of things (IoT) security: current status, challenges and prospective measures. In: 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST). IEEE (2015)
  4. Babar, S., et al.: Proposed security model and threat taxonomy for the Internet of Things (IoT). In: International Conference on Network Security and Applications. Springer (2010)
  5. Ćika, D., Draganić, M., Šipuš, Z.: Active wireless sensor with radio frequency identification chip. In: MIPRO, 2012 Proceedings of the 35th International Convention. IEEE (2012)
  6. Tan, J., Koo, S.G.: A survey of technologies in internet of things. In: 2014 IEEE International Conference on Distributed Computing in Sensor Systems (DCOSS). IEEE (2014)
  7. Finkenzeller, K.: RFID handbook: fundamentals and applications in contactless smart cards, radio frequency identification and near-field communication. Wiley (2010)
  8. Class, E.: Generation-2 Class-1 Generation 2 UHF Air Interface Protocol Standard Version 1.2.0. Gen. 2: p. 2008
  9. Peris-Lopez, P., et al.: LMAP: A real lightweight mutual authentication protocol for low-cost RFID tags. In: Proceedings of 2nd Workshop on RFID Security (2006)
  10. Peris-Lopez, P., et al.: EMAP: an efficient mutual-authentication protocol for low-cost RFID tags. In: OTM Confederated International Conferences On the Move to Meaningful Internet Systems. Springer (2006)
  11. Peris-Lopez, P., et al.: M2AP: a minimalist mutual-authentication protocol for low-cost RFID tags. In: International Conference on Ubiquitous Intelligence and Computing. Springer (2006)
  12. Islam, S.: Security analysis of LMAP using AVISPA. Int. J. Secure. Netw. 9(1), 30–39 (2014)
  13. Li, T., Deng, R.: Vulnerability analysis of EMAP-an efficient RFID mutual authentication protocol. In: The Second International Conference on Availability, Reliability and Security, 2007. ARES 2007. IEEE (2007)
  14. Bárász, M., et al.: Passive attack against the M2AP mutual authentication protocol for RFID tags. In: Proceedings of First International EURASIP Workshop on RFID Technology (2007)
  15. Chien, H.-Y.: SASI: a new ultralightweight RFID authentication protocol providing strong authentication and strong integrity. IEEE Trans. Dependable Secure Comput. 4(4), 337–340 (2007)
  16. Mujahid, U., Najam-ul-Islam, M., Shami, M.A.: RCIA: a new ultralightweight RFID authentication protocol using recursive hash. Int. J. Distrib. Sens. Netw. 11(1), 642180 (2015)
  17. Mujahid, U., Najam-ul-Islam, M., Sarwar, S.: A new ultralightweight RFID authentication protocol for passive low cost tags: KMAP. Wireless Pers. Commun. 94(3), 725–744 (2017)
  18. Luo, H., et al.: SLAP: succinct and lightweight authentication protocol for low-cost RFID system. Wireless Netw. 24(1), 69–78 (2018)
  19. Sun, H.-M., Ting, W.-C., Wang, K.-H.: On the security of Chien’s ultralightweight RFID authentication protocol. IEEE Trans. Dependable Secure Comput. 8(2), 315–317 (2011)
  20. Avoine, G., Carpent, X., Martin, B.: Strong authentication and strong integrity (SASI) is not that strong. In: International Workshop on Radio Frequency Identification: Security and Privacy Issues. Springer (2010)
  21. Safkhani, M., Bagheri, N.: Generalized desynchronization attack on UMAP: application to RCIA, KMAP, SLAP and SASI+ protocols. IACR Cryptology ePrint Arch. 2016, 905 (2016)
  22. Tewari, A., Gupta, B.: Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. J. Supercomput. 73(3), 1085–1102 (2017)
  23. Adat, V., Gupta, B.: Security in internet of things: issues, challenges, taxonomy, and architecture. Telecommun. Syst. 67(3), 423–441 (2018)
  24. Safkhani, M., Bagheri, N.: Passive secret disclosure attack on an ultralightweight authentication protocol for internet of things. J. Supercomput. 73(8), 3579–3585 (2017)
  25. Hernandez-Castro, J.C., et al.: Cryptanalysis of the David-Prasad RFID ultralightweight authentication protocol. In: International Workshop on Radio Frequency Identification: Security and Privacy Issues. Springer (2010)

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Madiha Khalid (1)
  • Umar Mujahid (2)
  • Muhammad Najam-ul-Islam (1)
  • Binh Tran (2)

  1. Bahria University, Islamabad, Pakistan
  2. Georgia Gwinnett College, Lawrenceville, USA
